CVE-2023-34345: Path Traversal
First published: Mon Jun 12 2023(Updated: )
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.
Credit: biossecurity@ami.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ami Megarac Sp-x | >=12.0<12.7 | |
| Ami Megarac Sp-x | >=13.0<13.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this AMI BMC vulnerability?
The vulnerability ID for this AMI BMC vulnerability is CVE-2023-34345.
What is the title of this vulnerability?
The title of this vulnerability is "AMI BMC contains a vulnerability in the SPX REST API where an attacker with the required privileges …".
What is the severity level of CVE-2023-34345?
The severity level of CVE-2023-34345 is medium.
How does this vulnerability in the SPX REST API of AMI BMC allow an attacker to access arbitrary files?
This vulnerability allows an attacker with the required privileges to access arbitrary files through the SPX REST API of AMI BMC, potentially leading to information disclosure.
How can I fix the AMI BMC vulnerability identified by CVE-2023-34345?
To fix the AMI BMC vulnerability identified by CVE-2023-34345, it is recommended to update to a version higher than 13.5 or apply the necessary security patches provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- vendor/ami
- canonical/ami megarac sp-x
- version/ami megarac sp-x/12.0
- version/ami megarac sp-x/13.0